From b9e836cec77594ee34ab5734da6ec08b84477097 Mon Sep 17 00:00:00 2001 From: missytake Date: Sun, 16 Feb 2025 22:44:34 +0100 Subject: [PATCH 1/3] chatmaild: fix umask for doveauth + metadata fix #453 --- CHANGELOG.md | 3 +++ cmdeploy/src/cmdeploy/service/chatmail-metadata.service.f | 1 + cmdeploy/src/cmdeploy/service/doveauth.service.f | 1 + 3 files changed, 5 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 697558e6..6915cc01 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -17,6 +17,9 @@ - use old crypt lib in python < 3.11 ([#483](https://github.com/deltachat/chatmail/pull/483)) +- chatmaild: set umask to 0700 for doveauth + metadata + ([#490](https://github.com/deltachat/chatmail/pull/492)) + - remove MTA-STS daemon ([#488](https://github.com/deltachat/chatmail/pull/488)) diff --git a/cmdeploy/src/cmdeploy/service/chatmail-metadata.service.f b/cmdeploy/src/cmdeploy/service/chatmail-metadata.service.f index b178819d..117884f4 100644 --- a/cmdeploy/src/cmdeploy/service/chatmail-metadata.service.f +++ b/cmdeploy/src/cmdeploy/service/chatmail-metadata.service.f @@ -7,6 +7,7 @@ RestartSec=30 User=vmail RuntimeDirectory=chatmail-metadata +UMask=0700 [Install] WantedBy=multi-user.target diff --git a/cmdeploy/src/cmdeploy/service/doveauth.service.f b/cmdeploy/src/cmdeploy/service/doveauth.service.f index 657430d3..b85b0075 100644 --- a/cmdeploy/src/cmdeploy/service/doveauth.service.f +++ b/cmdeploy/src/cmdeploy/service/doveauth.service.f @@ -7,6 +7,7 @@ RestartSec=30 User=vmail RuntimeDirectory=doveauth +UMask=0700 [Install] WantedBy=multi-user.target From 6e970edea5a427e693b5d3e833df46bae9bb185a Mon Sep 17 00:00:00 2001 From: missytake Date: Mon, 17 Feb 2025 18:04:44 +0100 Subject: [PATCH 2/3] CI: actually wipe staging-ipv4 before deployment --- .github/workflows/test-and-deploy-ipv4only.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test-and-deploy-ipv4only.yaml b/.github/workflows/test-and-deploy-ipv4only.yaml index 0480ec90..a60180e5 100644 --- a/.github/workflows/test-and-deploy-ipv4only.yaml +++ b/.github/workflows/test-and-deploy-ipv4only.yaml @@ -49,7 +49,7 @@ jobs: -H "Authorization: Bearer ${{ secrets.HETZNER_API_TOKEN }}" \ -H "Content-Type: application/json" \ -d '{"image":"debian-12"}' \ - "https://api.hetzner.cloud/v1/servers/${{ secrets.STAGING_SERVER_ID }}/actions/rebuild" + "https://api.hetzner.cloud/v1/servers/${{ secrets.STAGING_IPV4_SERVER_ID }}/actions/rebuild" - run: scripts/initenv.sh From 26711dc80252a1e5ec53269113e5a9337f7a0066 Mon Sep 17 00:00:00 2001 From: missytake Date: Mon, 17 Feb 2025 18:27:48 +0100 Subject: [PATCH 3/3] chatmaild: umask needs to be 0077, not 0700 --- cmdeploy/src/cmdeploy/service/chatmail-metadata.service.f | 2 +- cmdeploy/src/cmdeploy/service/doveauth.service.f | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cmdeploy/src/cmdeploy/service/chatmail-metadata.service.f b/cmdeploy/src/cmdeploy/service/chatmail-metadata.service.f index 117884f4..968b4885 100644 --- a/cmdeploy/src/cmdeploy/service/chatmail-metadata.service.f +++ b/cmdeploy/src/cmdeploy/service/chatmail-metadata.service.f @@ -7,7 +7,7 @@ RestartSec=30 User=vmail RuntimeDirectory=chatmail-metadata -UMask=0700 +UMask=0077 [Install] WantedBy=multi-user.target diff --git a/cmdeploy/src/cmdeploy/service/doveauth.service.f b/cmdeploy/src/cmdeploy/service/doveauth.service.f index b85b0075..9d858960 100644 --- a/cmdeploy/src/cmdeploy/service/doveauth.service.f +++ b/cmdeploy/src/cmdeploy/service/doveauth.service.f @@ -7,7 +7,7 @@ RestartSec=30 User=vmail RuntimeDirectory=doveauth -UMask=0700 +UMask=0077 [Install] WantedBy=multi-user.target